helm install cert-manager

From wikieduonline
Jump to navigation Jump to search

helm repo add jetstack https://charts.jetstack.io
helm install --create-namespace --namespace cert-manager cert-manager jetstack/cert-manager --set installCRDs=true
 helm install cert-manager jetstack/cert-manager
--namespace cert-manager
--set installCRDs=true
--set ingressShim.defaultIssuerName=letsencrypt-prod
--set ingressShim.defaultIssuerKind=ClusterIssuer
--set ingressShim.defaultIssuerGroup=cert-manager.io
--version v1.1.0



https://cert-manager.io/docs/installation/helm/#crd-considerations

  • For Safety, install CRDs outside of Helm, e.g. kubectl
  • For Ease of use, install CRDS with helm
helm install --name cert-manager --namespace cert-manager --version v1.1.0 jetstack/cert-manager --set installCRDs=true

https://artifacthub.io/packages/helm/cert-manager/cert-manager?modal=values

# Install the cert-manager CRDs, it is recommended to not use Helm to manage the CRDs
installCRDs: false

Examples

v1.14.1

 helm install --create-namespace --namespace cert-manager cert-manager jetstack/cert-manager --set installCRDs=true
NAME: cert-manager
LAST DEPLOYED: Tue Feb  6 16:35:49 2024
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.14.1 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/

Example

NAME:   cert-manager
LAST DEPLOYED: Thu Jun 30 10:30:29 2022
NAMESPACE: cert-manager
STATUS: DEPLOYED

RESOURCES:
==> v1/ClusterRole
NAME                                    CREATED AT
cert-manager-cainjector                 2022-06-30T08:30:31Z
cert-manager-controller-certificates    2022-06-30T08:30:31Z
cert-manager-controller-challenges      2022-06-30T08:30:31Z
cert-manager-controller-clusterissuers  2022-06-30T08:30:31Z
cert-manager-controller-ingress-shim    2022-06-30T08:30:31Z
cert-manager-controller-issuers         2022-06-30T08:30:31Z
cert-manager-controller-orders          2022-06-30T08:30:31Z
cert-manager-edit                       2022-06-30T08:30:31Z
cert-manager-view                       2022-06-30T08:30:31Z

==> v1/ClusterRoleBinding
NAME                                    ROLE                                                AGE
cert-manager-cainjector                 ClusterRole/cert-manager-cainjector                 2s
cert-manager-controller-certificates    ClusterRole/cert-manager-controller-certificates    2s
cert-manager-controller-challenges      ClusterRole/cert-manager-controller-challenges      2s
cert-manager-controller-clusterissuers  ClusterRole/cert-manager-controller-clusterissuers  2s
cert-manager-controller-ingress-shim    ClusterRole/cert-manager-controller-ingress-shim    2s
cert-manager-controller-issuers         ClusterRole/cert-manager-controller-issuers         2s
cert-manager-controller-orders          ClusterRole/cert-manager-controller-orders          2s

==> v1/CustomResourceDefinition
NAME                                 CREATED AT
certificaterequests.cert-manager.io  2022-06-30T08:30:31Z
certificates.cert-manager.io         2022-06-30T08:30:31Z
challenges.acme.cert-manager.io      2022-06-30T08:30:31Z
clusterissuers.cert-manager.io       2022-06-30T08:30:31Z
issuers.cert-manager.io              2022-06-30T08:30:31Z
orders.acme.cert-manager.io          2022-06-30T08:30:31Z

==> v1/Deployment
NAME                     READY  UP-TO-DATE  AVAILABLE  AGE
cert-manager             0/1    1           0          2s
cert-manager-cainjector  0/1    1           0          2s
cert-manager-webhook     0/1    1           0          2s 

==> v1/MutatingWebhookConfiguration
NAME                  WEBHOOKS  AGE
cert-manager-webhook  1         2s

==> v1/Pod(related)
NAME                                     READY  STATUS             RESTARTS  AGE
cert-manager-67c69456f5-7xxgs            0/1    ContainerCreating  0         2s
cert-manager-cainjector-89f658b5b-cmbcv  0/1    ContainerCreating  0         2s
cert-manager-webhook-6757f48d77-mbv4t    0/1    ContainerCreating  0         2s
==> v1/Role
NAME                                    CREATED AT
cert-manager-cainjector:leaderelection  2022-06-30T08:30:32Z
cert-manager-webhook:dynamic-serving    2022-06-30T08:30:32Z
cert-manager:leaderelection             2022-06-30T08:30:32Z

==> v1/RoleBinding
NAME                                    ROLE                                         AGE
cert-manager-cainjector:leaderelection  Role/cert-manager-cainjector:leaderelection  2s 
cert-manager-webhook:dynamic-serving    Role/cert-manager-webhook:dynamic-serving    2s
cert-manager:leaderelection             Role/cert-manager:leaderelection             2s 
==> v1/Service
NAME                  TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)   AGE
cert-manager          ClusterIP  10.100.133.80  <none>       9402/TCP  2s
cert-manager-webhook  ClusterIP  10.100.248.14  <none>       443/TCP   2s

==> v1/ServiceAccount
NAME                     SECRETS  AGE
cert-manager             1        3s
cert-manager-cainjector  1        3s
cert-manager-webhook     1        3s

==> v1/ValidatingWebhookConfiguration
NAME                  WEBHOOKS  AGE
cert-manager-webhook  1         2s


NOTES:
cert-manager has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/

Helm incompatible versions

helm install --name cert-manager --namespace cert-manager --version v1.1.0 jetstack/cert-manager --set installCRDs=true
Error: incompatible versions client[v2.17.0] server[v2.16.1]

helm list
Error: incompatible versions client[v2.17.0] server[v2.16.1]
 
Solution: helm init --upgrade

helm version
Client: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}


Error: unknown flag: --name


helm repo add
kind: Certificate
kubectl edit deploy cert-manager -n cert-manager

See also

Advertising: